We know there are many customers who are extremely happy with ISA Server 2006 and have been putting off migration to Forefront TMG 2010. As 2010 is coming to an end, we think you should include migration to TMG 2010 as one of your new year resolutions.
This post will focus on showing you why and help you learn more about Forefront TMG 2010.
Value Proposition: Microsoft Secure Web Gateway with Forefront TMG 2010
Forefront Threat Management Gateway allows employees to safely and productively use the Internet without worrying about malware and other threats. It provides multiple layers of continuously updated protections against the latest Web-based threats, including URL filtering, antimalware inspection, and intrusion prevention.
Microsoft Forefront TMG Core Capabilities
Microsoft Forefront TMG 2010 is positioned as a Secure Web Gateway. The core new features of this product are:
- URL filtering: improves blocking of malicious or inappropriate sites using aggregated data from multiple URL filtering vendors and the anti-phishing and malware technologies that also protect Internet Explorer 8 users.
- HTTPS Inspection: inspect outbound HTTPS traffic in order to protect your organization from security risks inherent to Secure Sockets Layer (SSL) tunnels, such as viruses and other malicious content that could infiltrate the organization undetected.
- Intrusion Prevention (NIS): Protects against browser-based and other Microsoft vulnerabilities.
- Web anti-malware: Provides highly accurate malware detection with the same world-class engine that is used by Microsoft Security Essentials and Microsoft Forefront products.
- Support for Windows Server 2008 R2 (x64): first Microsoft Edge protection product that leverages the scalability and increased memory space improvements of the Windows 64 bit platform.
ISA Server 200X Capabilities
ISA Server 200x doesn’t offer the same Secure Web Gateway capabilities that Forefront TMG offers. ISA Server 200x is commonly used in a Proxy (forward and reverse) type of scenario. Forefront TMG inherits all the ISA Server 2006 capabilities and adds new features to provide more comprehensive protection, while providing a seamless migration path.
Side by Side Comparison
Use the table below to compare ISA 2006 to TMG 2010 feature wise:
What you can do on TMG that you cannot do on ISA
Back in May 2010 I wrote a post on my personal blog where I covered some common scenarios where customers commonly ask if they can use ISA. I selected the top 5 scenarios where there is a real need in the environment, however such a need cannot be answered by ISA Server. The good news is that it can be definitely be answered with TMG. Check the full article at http://blogs.technet.com/b/yuridiogenes/archive/2010/05/28/can-i-do-this-on-isa-server-no-but-you-can-with-tmg.aspx
Learn more about Forefront TMG 2010
Below are some resources that are available for learning about and trying Forefront TMG 2010:
- Forefront TMG Virtual Lab – excellent resource for trying out TMG without having to install it first.
- Forefront TMG Trial version – 120 day, fully functional, trial version to install and test in your own labs.
- Microsoft Business Ready Security Lab – The Microsoft Business Ready Security trial environment provides an end to end trial experience across all of the Business Ready Security solutions. The environment provides an opportunity to evaluate protection, access, management and identity technologies as a pre-configured set of VHDs
- Case Studies Site
- Using Forefront TMG 2010 as a Secure Web Gateway solution – TechNet Magazine article.
- Forefront TMG Pricing and Licensing.
- MS Tech Edge Video about TMG migration from ISA.
- MS Tech Edge Video about TMG Web Access Protection.
- Forefront TMG Web Casts:
- TMG Team Blog
- Forefront Edge Community Site
- Microsoft Press Forefront TMG 2010 Administrator’s Companion Book
Sr Security Support Escalation Engineer
Microsoft CSS Forefront Security Edge Team
Senior Program Manager
Microsoft Forefront Threat Management Gateway Team